VIDEO
Your Phone Holds the Keys — And Hackers Know It
Video Summary:
Phones have quietly become one of the most important—and least protected—parts of corporate identity infrastructure. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down why attackers are increasingly targeting mobile devices as a pathway into corporate environments.

The discussion unpacks the newly disclosed Coruna iPhone exploit toolkit and explains what a compromised phone can unlock: MFA approvals, password managers, and live SaaS sessions—giving attackers a path to corporate access without ever touching the corporate network.

The conversation also explores the broader mobile risk landscape, including research showing widespread vulnerabilities in consumer apps such as mental-health platforms with millions of installs. When sensitive personal data, corporate identity tokens, and insecure applications coexist on the same device, the phone can become a back door into corporate systems.

Key Takeaways for IT and Security Leadership:

1. Treat Mobile Devices as Identity Infrastructure - Mobile phones are no longer just communication tools; they are authentication devices, identity recovery channels, and approval platforms for sensitive corporate actions. Treat executive and admin phones as part of your identity stack, not “personal tech.”

2. Control High-Risk Apps on Work-Enabled Phones - Don’t try to “secure all apps.” Define a short list of high-risk categories (messaging, remote access, AI assistants, file sharing, VPN/proxy tools, sideloading) and set a policy for what is allowed on devices used for corporate identity and communications.

3. Continuously Vet Apps, Not Just Once - App risk changes over time as permissions, SDKs, and data flows evolve. Adopt a lightweight recurring review process for apps used on work-enabled devices—especially those that handle sensitive data or request broad permissions.

4. Reduce Sensitive Data on Personal Phones Used for Work - Phones used for corporate email, MFA, or admin access should have tighter expectations for what data and apps live on them. Establish a “work phone hygiene” standard—especially for executives and privileged users—so sensitive personal apps and corporate identity don’t share the same risk surface.

5. Reevaluate BYOD for Privileged Users - If administrators and executives approve MFA and access SaaS from personal phones, you are inheriting the risk profile of those devices. Consider managed-device requirements (or stricter conditional access) for high-privilege roles.

6. Include Mobile in Incident Response Planning - Mobile compromise can undermine identity even when laptops and servers look clean. Ensure your IR plan includes mobile triage and a fast path to revoke sessions, reset tokens, and re-establish trusted authentication.

Resources:

1. Coruna: A Powerful iOS Exploit Kit Targeting Older Apple Devices (Google Threat Intelligence) https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

2. Phones: Mobile Device and BYOD Security (LMG Security) https://www.youtube.com/watch?v=grOUxRPEHfc

3. Global Mobile Threat Report 2025 (Zimperium) https://www.zimperium.com/global-mobile-threat-report/

4. Security Analysis of Popular Mental Health Apps (Oversecured) https://oversecured.com/

5. Pegasus Spyware Research and Investigations (Citizen Lab) https://citizenlab.ca/category/research/pegasus/